The bipartisan PATCH Act would establish an interagency review board chaired by the Department of Homeland Security.

The current global ‘WannaCry’ ransomware attacks have inspired the introduction of a new bill in the House. The Protecting Our Ability to Counter Hacking (PATCH) Act was introduced on Wednesday and supported by Representatives Ted Lieu and Blake Farenthold, and Senators Brian Schatz, Ron Johnson and Cory Gardner. It would see the Department of Homeland Security chairing a Review Board to make sure that software vulnerability policies are consistently disclosed to non-government entities.

The PATCH Act

Currently, the government has the Vulnerabilities Equities Process (VEP) in place, which governs how it informs the technology industry of software problems it has discovered. In practice, such information often did not make its way to the vendors in time for the software companies to come up with patches to remedy the exploits.

The PATCH Act will have the Review Board identify “whether, when, how, to whom, and to what degree” a vulnerability held by a government entity might be disclosed.

Some industry groups and technology companies have been backing the act, including the Coalition for Cybersecurity Policy and Law, the Center for Democracy and Technology, McAfee and Mozilla, the developer of the Firefox browser.

Other members of the review board would be the secretary of Homeland Security, the secretary of Commerce, the director of National Intelligence, and the directors of the Federal Bureau of Investigation (FBI), the Central Intelligence Agency (CIA) and the National Security Agency (NSA), along with ad hoc members.


According to a statement about the bill, the bipartisan legislation would add transparency and accountability to the U.S. government, which is among the many parties researching zero-day vulnerabilities. For national security reasons, such information is not always made available to vendors.

Last week’s global attacks

The WannaCry global ransomware was launched on May 12, infecting more than 230,000 computers in at least 150 countries.

Microsoft has blamed the NSA for stockpiling the cyber weapon on which the malware is said to be based.

The ransomware meddled with trains in Germany, locked up access to computers at the UK’s National Health Service, banks, and schools, and further caused the shutdown of Renault factories in Europe. New analysis suggested that the ransomware, which holds computer files hostage, could have links to a North Korean group.

Once a computer is infected, a message is displayed demanding that the user pay $300 to $600 in bitcoins for access. The U.S. government has largely blamed Russia and China for the events leading to the WannaCry global outbreak.
